Bitdrop is an interesting new app/service for sending encrypted files to anyone over the internet, with the big advantage that the receiver doesn’t need to install anything. This is pretty good for the paranoid and careful alike, letting you share files using e-mail, but without sending them over the open internet.
Update: Markus from Bitdrop got in touch to clarify a few points. Here’s the relevant part clipped from his mail:
Bitdrop is a Swiss company with engineering offices in Zurich, Switzerland which gives us more freedom toward US legislation – we are not an American company of affiliated to any American company.
In our terms of service we mention California law and have setup and American phone number since we expect the US to be our biggest market.
We use a flexible server architecture that is not tied to any specific location.
Given the way our system works, files are always stored encrypted from a couple seconds to a up to 24 hours time before being wiped.
Encryption are only stored on your device and we cannot get access to your files.
Encrypted e-mail is great, but only if the person you’re sending it to is also set up for S/MIME or public key encryption. Chances are they won’t be, so what you need is something easier. Bitdrop works by encrypting and uploading your file, then sending a code to the recipient. They enter this code into the Bitdrop website and then download the file. Because both the uploading and the downloading part are done using AES 256-bit encryption (like the HTTPS connections you make to the bank and online stores), the theory goes that nobody can peek at its contents.
The trouble is trust, Do you trust Bitdrop? The company’s terms of service say that they’re governed by California law, which seems to mean that the company is also subject to U.S law, which means that it’s subject to the same secret NSA snooping as any other U.S company. On the other hand, one of the contact numbers has a +41 country code, which Google tells me is for Switzerland, so maybe you’re good.
If all you want to do is send sensitive but non-incriminating info over the wire without anyone peeking at it along the way, then you should be good to go. Files are deleted after download or after 24 hours – whichever comes sooner), and best of all, each transaction exists on its own, making even metadata tracking difficult for outside parties. For anything more perilous/
Then app is available now for free, and will be $5 after the launch period.